The present invention generally relates to digital rights management and, more particularly, to a backup and transfer of digital rights.
Digital rights management (DRM) describes a concept by which media providers enforce limitations on usage and distribution of digital media content. Presently, there are a number of DRM schemes in use. For example, mobile content providers use the Open Mobile Alliance (OMA) DRM system to protect digital mobile media content.
The OMA DRM family comprises digital rights management standards that are developed by the Open Mobile Alliance. To date, the OMA DRM family comprises:
    OMA Digital Rights Management 1.0 (DRM v1.0),
    OMA Digital Rights Management 2.0 (DRM v2.0),
    OMA Digital Rights Management 2.1 (DRM v2.1),
    OMA DRM v2.0 Extensions for Broadcast Support (XBS),
    OMA Secure Removable Media (SRM),
    OMA Secure Content Exchange (SCE).
The OMA DRM system enables content issuers to distribute DRM protected content and rights issuers (RIs) to issue rights objects (ROs) for the DRM protected content. The DRM system is independent of media object formats, operating systems, and run-time environments. Contents protected by DRM can be of a wide variety, including games, ring tones, photos, music clips, video clips, streaming media, etc. To consume the content, users acquire permission to DRM protected content by contacting rights issuers, i.e. entities that issue rights objects to DRM conformant devices. Rights issuers grant the appropriate permission to use the DRM protected content on DRM conformant devices. The content is cryptographically protected when distributed and, hence, will not be usable without an associated rights object (RO) issued for the user's device.
DRM protected content can be delivered to the device by any means, for example, over the air, LAN/WLAN, local connectivity, removable media, etc. Rights objects, however, are tightly controlled and distributed by the rights issuer in a controlled manner. DRM protected content and rights objects may be delivered to the device together or separately.
Within the scope of the OMA DRM family, there is a fundamental difference between a backup of rights and a move of rights between devices.
The backup of rights comprises copying an OMA DRM v2.x rights object (RO) from an originating device to another medium. The copied rights object is called a backup rights object. However, the backup rights object remains cryptographically bound to the originating device, such that it can only be restored or reinstalled to the originating device. A backup rights object cannot be used to exercise the rights on any device other than the originating device.
The backup of rights is possible from OMA DRM v2.0 onwards. The process of restoring or reinstalling a backup rights object and making it usable on the device is called installing a backup rights object.
On the other hand, the move of rights comprises moving or transferring a rights object between two devices, i.e. from an originating or source device to a sink device. Before the move takes place, the rights object is only cryptographically bound to the source device, i.e., only the source device can exercise the rights. After the move, the rights object is only bound to the sink device, i.e., only the sink device can exercise the respective rights.
In the OMA DRM family, some form of moving rights appears in DRM v2.1. There, a move of rights is possible by uploading a rights object to an OMA DRM rights issuer (RI) and downloading it to another device. In SRM, protocols for the move of rights between a device and a secure removable media are defined, i.e., a removable media that implements means to protect against unauthorized access to its internal data (e.g. secure memory card, smart card). In SCE, protocols for the move of rights between devices are specified.
In the OMA DRM family, there are two types of rights objects:
    Stateful rights objects and
    Stateless rights objects.
Stateful rights objects have a state that changes during an exercise of rights. For example, a rights object can allow a certain piece of content to be played three times. In this case, the state is the number of plays left. Stateless rights objects are rights objects that are not stateful. Both stateful and stateless rights objects can be bound to a single device, in which case they are called device rights objects, or to a group of devices belonging to the same user, in which case they are called domain rights objects.
In DRM v2.1, some protection mechanisms against replay of stateful rights objects are defined, which prevent an unauthorized extension of granted rights, for example, extending the number of plays originally granted to the device. Such protection mechanisms comprise keeping track of all received stateful rights objects in a local cache. Each entry of the local cache comprises a globally unique identification of the stateful rights object and a timestamp of the rights issuer (RI timestamp) for this rights object. A device will only install received stateful rights objects that are not already listed in the local cache memory (DRM v2.1, section 10.4). Additionally, stateful domain rights objects without an RI timestamp are kept in a separate local cache, which only keeps track of the unique identification of the rights object. DRM v2.1 defines yet another local cache to prevent the replay of stateless rights objects uploaded to a rights issuer. When a device uploads a stateless rights object to the rights issuer, a new entry with a unique identification of the rights object and the rights object timestamp is inserted in the cache.
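The three local caches described above can be modelled as follows. This is an added illustration, not code from the OMA specifications or from this document; the class and field names are hypothetical, and the refusal of an already uploaded stateless rights object on install, as well as the removal of the rights object from the device on upload, are modelling assumptions. Only the receipt of rights objects is modelled, not the installation of a backup rights object.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class RightsObject:                  # constructed model, not an OMA data structure
    ro_id: str                       # globally unique identification
    stateful: bool
    domain: bool = False             # domain RO (True) or device RO (False)
    timestamp: Optional[int] = None  # RI timestamp; may be absent

@dataclass
class Device:
    stateful_cache: dict = field(default_factory=dict)  # ro_id -> RI timestamp
    domain_id_cache: set = field(default_factory=set)   # ro_id only (no timestamp)
    upload_cache: dict = field(default_factory=dict)    # ro_id -> RO timestamp
    installed: dict = field(default_factory=dict)       # ro_id -> RightsObject

    def install(self, ro: RightsObject) -> bool:
        """Install a received RO; return False if a cache marks it as a replay."""
        if not ro.stateful:
            # Assumption: an RO already uploaded to the RI is refused here.
            if ro.ro_id in self.upload_cache:
                return False
        elif ro.timestamp is not None:
            if ro.ro_id in self.stateful_cache:
                return False
            self.stateful_cache[ro.ro_id] = ro.timestamp
        elif ro.domain:
            if ro.ro_id in self.domain_id_cache:
                return False
            self.domain_id_cache.add(ro.ro_id)
        else:
            raise ValueError("stateful device RO without RI timestamp: not modelled")
        self.installed[ro.ro_id] = ro
        return True

    def upload_to_ri(self, ro_id: str) -> bool:
        # Upload an installed stateless RO; it leaves the device (assumption).
        ro = self.installed.get(ro_id)
        if ro is None or ro.stateful:
            return False
        self.upload_cache[ro_id] = ro.timestamp
        del self.installed[ro_id]
        return True

def demo():
    dev, ro = Device(), RightsObject("ro-play3", stateful=True, timestamp=1000)
    first = dev.install(ro)           # constructed sample RO, first receipt
    dev.installed.pop(ro.ro_id)       # RO deleted from the device; cache entry stays
    return first, dev.install(ro)     # second receipt is rejected as a replay
```

The cache entry outlives the rights object itself, which is what stops a second receipt of the same stateful rights object from resetting its state.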
In SRM, an attack of replaying a rights object that has been moved out from the device to the secure removable media has not been addressed yet.
A problem occurs when both move and backup for the same rights object are allowed. In particular, this holds for SRM. The following attack may be possible:
    1. A user makes a backup of the rights object from the source device.
    2. The user then moves the rights from the source device to the sink device.
    3. Finally, the user restores the backup to the source device.
In this way, the user might duplicate the rights. This problem also applies for the replay of a rights object via an out-of-band delivery after the rights object has been moved from the source device.
Such an attack has been recognized in OMA. However, a suitable solution has not been identified yet, although SRM speculates about not allowing a move for a rights object of which a backup copy has been made. This implies that the user has to choose between being able to move the rights object at some time in the future and having a safety backup. If he decides on a backup, the rights object is in this case bound to the source device forever. This would be a bad user experience, since the user is restricted in his rights although he only wants to store them in a safe place.
A similar problem appears for a backup of a stateful rights object. In this case, the following attack scenario is possible:
    1. A user makes a backup of the stateful rights object.
    2. The user consumes some of the rights (changing the state).
    3. The user removes the rights object and accompanying state information from the device.
    4. The user restores the backup rights object to the device.
As the state information has been deleted, the attacker can exercise the rights as they were before the state was changed.
Unnecessarily restricting the user in his rights, although he only wants to store a backup in a safe place, and not providing a solution to the above-mentioned problem could result in poor user acceptance and, thus, in a commercial failure of OMA DRM systems.
Hence, it would be desirable to reduce the described inherent tension between protecting digital media content by related rights objects on the one hand and providing consumers with enough flexibility to manage the content they purchase in a reasonable way on the other hand.